(###)

CPSC 538M: Systems Security

[**Overview**](#overview)  **//**  [**Registration and Prerequisites**](#registration-and-prerequisites)  **//**  [**Evaluation**](#course-structure-and-grading)  **//**  [**Class schedule**](#reading-list)

Overview

This is a research-oriented graduate course covering topics on security and privacy techniques for software systems in the web, cloud, mobile, and edge.

Learning objectives:

Instructor: Aastha Mehta ( [firstname]k[lastinitial] [AT] cs.ubc.ca )

Office hours: Mon, 12:00 - 13:00h PT, or by appointment

Class hours: Mon/Wed 10:30 – 12:00 hours PT, ORCH 4052

Web tools: Piazza

Registration and Prerequisites

Registration: Note, the last date to add/drop out of the course is 16 Sep 2024.

Prerequisites: Undergraduate knowledge of operating systems, architecture, networking, databases, and software engineering is essential. Any background in security is welcome but not required. The course is intended for Masters and Ph.D. students in Computer Science, but enterprising Bachelors students are welcome to participate.

Prerequisites for bachelors students: Fourth year standing, satisfying honors requirements. Students should have taken CPSC 313 and CPSC 317. Having taken at least one of CPSC 435A or CPSC 436S is great, but not mandatory.

Evaluation

The primary goal of this course is to prepare you to do research. Therefore, the evaluation for this course consists of only two components (tentative, subject to change until the beginning of the course):

Class participation (35%):

Project (65%): The course project must be done in teams of 2-4. The goal of the project is to conduct original research in computer security. You are encouraged to come up with your own ideas, but you can talk to the instructor for some ideas that are well-scoped for a course project.

The project deliverables will include a research proposal, a proposal presentation, a final presentation, and a final report. For more details, please check the project page.

Class schedule

Here is a tentative schedule of papers to be covered in the class.

Date
Topic Preparation material Additional resources
Sep 02 *Labour Day*
Sep 04 Introduction, security overview, threat models
Sep 09 Access control [Qapla](https://aasthakm.github.io/files/sec17-qapla.pdf) [IVD](https://research.facebook.com/file/2955782641347996/63-ivd-camera-ready-sp17.pdf) [Zanzibar](https://www.usenix.org/system/files/atc19-pang.pdf)
Sep 11 Noninterference principle [Decentralized Label Model](https://www.cs.cornell.edu/andru/papers/iflow-tosem.pdf) [DC Labels](http://www.cse.chalmers.se/~russo/publications_files/nordsec2011.pdf)
Sep 16 Information flow control (IFC) [RESIN](https://pdos.csail.mit.edu/papers/resin:sosp09/resin:sosp09.pdf) [Hails](https://www.usenix.org/system/files/conference/osdi12/osdi12-final-35.pdf)
Sep 18 IFC in big data systems [Grok/Legalese](https://www.andrew.cmu.edu/user/danupam/sen-guha-datta-oakland14.pdf)
Sep 23 Software vulnerabilities [Eternal War in Memory](https://nebelwelt.net/files/13Oakland.pdf)
Sep 25 Control flow safety [CFI principles](https://users.soe.ucsc.edu/~abadi/Papers/cfi-tissec-revised.pdf) [CFI Bending](https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-carlini.pdf)
Sep 30 *Regional holiday -- National Day for Truth and Reconciliation*
Oct 02 Software fault isolation [XFI](https://www.usenix.org/legacy/event/osdi06/tech/full_papers/erlingsson/erlingsson.pdf) [SFI principles](https://cseweb.ucsd.edu/~dstefan/cse227-spring21/papers/tan:sfi.pdf)
Oct 07 Privilege separation [Preventing Privilege Escalation](https://www.usenix.org/legacy/events/sec03/tech/full_papers/provos_et_al/provos_et_al.pdf)
Oct 09
  • Virtualization and Isolation
  • ***Project proposal reports due***
  • [KVM/ARM](http://www.cs.columbia.edu/~nieh/pubs/asplos2014_kvmarm.pdf)
  • [Firecracker](https://www.usenix.org/system/files/nsdi20-paper-agache.pdf)
  • Oct 14 Modeling isolation abstractions
    Oct 16 Hardware isolation primitives [Video](https://www.youtube.com/watch?v=MREwcSo0uz4)
    Oct 21 x86 TEEs [SCONE](https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf)
    Oct 23 Project proposal presentations
    Oct 28 ARM TEEs [ReZone](https://www.usenix.org/system/files/sec22fall_cerdeira.pdf) [Sanctuary](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-1_Brasser_paper.pdf)
    Oct 30 Security for accelerators [Graviton](https://www.usenix.org/system/files/osdi18-volos.pdf) [HIX](http://calab.kaist.ac.kr:8080/~jhuh/papers/jang_asplos19.pdf)
    Nov 04 Cache-timing side channels
  • [Flush+Reload](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-yarom.pdf)
  • [Prime+Probe](http://palms.ee.princeton.edu/system/files/SP_vfinal.pdf)
  • [Survey](https://eprint.iacr.org/2016/613.pdf)
    Nov 06 Cache side-channel mitigations
  • [Constant-time technique](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/mitigate-timing-side-channel-crypto-implementation.html)
  • [Predictive Mitigation](https://www.cs.cornell.edu/andru/papers/ccs10.pdf)
  • Nov 11 *mid-term break*
    Nov 13 *mid-term break*
    Nov 18 Transient execution attacks [Spectre](https://spectreattack.com/spectre.pdf) [Survey](https://dl.acm.org/doi/pdf/10.1145/3442479)
    Nov 20 Transient execution attack mitigations [Swivel](https://www.usenix.org/system/files/sec21fall-narayan.pdf) [ConTExT](http://www.attacking.systems/web/files/context.pdf)
    Nov 25 Hardware-software contracts
  • Nov 27 Network Security TLS/VPN/IPSec, Tor
    Dec 02 Network side-channel attacks
  • [Side channels in web](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WebAppSideChannel-final.pdf)
  • [Beauty and the Burst](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schuster.pdf)
  • [Survey](https://dl.acm.org/doi/pdf/10.1145/3457904)
    Dec 04 Network side-channel mitigations NetShaper
    Dec 20 Final project reports due [How to write a great research paper](https://www.microsoft.com/en-us/research/academic-program/write-great-research-paper/)

    (###) Additional reading





    (###) Acknowledgements

    UBC’s main Vancouver campus—including our classroom and other course spaces—is located on the traditional, ancestral and unceded territory of the Musqueam people. These lands have always been a place of learning for Musqueam youth, who were instructed in their culture, history, and tradition, and who in turn shared their knowledge with a new generation.